FreeBSD : drupal -- multiple vulnerabilities (ecedde1c-5128-11dd-a4e1-0030843d3802)

medium Nessus Plugin ID 33493

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Drupal Project reports :

Free tagging taxonomy terms can be used to insert arbitrary script and HTML code (cross site scripting or XSS) on node preview pages. A successful exploit requires that the victim selects a term containing script code and chooses to preview the node. This issue affects Drupal 6.x only. Some values from OpenID providers are output without being properly escaped, allowing malicious providers to insert arbitrary script and HTML code (XSS) into user pages. This issue affects Drupal 6.x only. filter_xss_admin() has been hardened to prevent use of the object HTML tag in administrator input.

Translated strings (5.x, 6.x) and OpenID identities (6.x) are immediately deleted upon accessing a properly formatted URL, making such deletion vulnerable to cross site request forgeries (CSRF). This may lead to unintended deletion of translated strings or OpenID identities when a sufficiently privileged user visits a page or site created by a malicious person.

When contributed modules such as Workflow NG terminate the current request during a login event, user module is not able to regenerate the user's session. This may lead to a session fixation attack, when a malicious user is able to control another users' initial session ID.
As the session is not regenerated, the malicious user may use the 'fixed' session ID after the victim authenticates and will have the same access. This issue affects both Drupal 5 and Drupal 6.

Schema API uses an inappropriate placeholder for 'numeric' fields enabling SQL injection when user-supplied data is used for such fields.This issue affects Drupal 6 only.

Solution

Update the affected packages.

See Also

http://drupal.org/node/280571

http://www.nessus.org/u?2657d596

Plugin Details

Severity: Medium

ID: 33493

File Name: freebsd_pkg_ecedde1c512811dda4e10030843d3802.nasl

Version: 1.17

Type: local

Published: 7/15/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal5, p-cpe:/a:freebsd:freebsd:drupal6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/13/2008

Vulnerability Publication Date: 7/9/2008

Reference Information

CVE: CVE-2008-3218, CVE-2008-3221

CWE: 352, 79

Secunia: 31028